[ On Thursday, July 3, 2003 at 17:45:17 (-0700), Michael Coulter wrote: ]
> Subject: Re: SSH as root
>
> Passwords are inferior to keys in at least 3 regards:
>
> - in the case of a MITM attack a password is compromised, a key is not

SSH doesn't, or at least isn't supposed to, suffer MITM vulnerabilities
and the passwords are (supposed to be) sent securely.

> - in the case of the server being compromised the password is compromised, a key is not

Well that depends on how the server is compromised. If the server is
physically stolen, for example, then the only added risk to using normal
unix passwords is when the same password(s) can be used to compromise
other systems (which is unfortunately possible all too often). After
all there's likely nothing to protect on the stolen server itself any
more. :-)

However on the other hand if the client is compromised then the key may be
revealed, as you say below, whereas a password may not, depending on
exactly how the client system has been compromised.

> - keys can be stored with a passphrase making it necessary to steal the file
> itself as well as somehow obtain/bruteforce the passphrase, such as trojan'ing
> the ssh client or keylogging
>
> Passphrases are a very good idea. However, if the client computer is compromised
> you are in the same boat if you choose passwords, or keys with passphrases.
> The attacker needs to steal the file and capture the passphrase in the case of keys.
> In the case of passwords they can just capture the password itself.

Yes, indeed, if the client system is compromised then all bets are off,
especially if the client system is compromised in such a way that its
users are not immediately aware of the problem and thus are susceptible
to any number of kernel-level MITM, trojan, and data copying attacks
which can result in both theft of identity and just plain spoofing of
commands and data sent to the server.

In such a scenario a key may even be less secure if it has led the
server administrator into a false sense of security and made them think
they can trust the identity of the connecting user from more random
source locations.

Also if the client system is compromised by theft then a password that
only the authorised user has in his or her memory cannot be stolen along
with the client system and its on-disk/in-memory data.

(Of course if the client system has a wireless network connection, and
is stolen while SSH sessions are open, then no passwords or keys are
necessary to make use of those open sessions so long as the thief can
stay within range of the wireless access point! ;-)
